In the dns_adblocking role, assign each Algo user a domain name, allowing connected users to communicate internally without having to know each other's VPN IP addresses. The user can set this in config.cfg as vpn_domain. This required one potentially breaking change: disallowing multiple connections from the same Algo user. The server's ipsec.conf is also modified, with one connection per user that sets an IP address based on the order in which the user appears in the config.cfg file. Finally, a new /etc/hosts.ipsecclients file is created, which maps the IP addresses assigned in ipsec.conf to $user.$vpn_domain.
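---
# Local DNS with ad blocking (dnsmasq) for the VPN, plus a hosts file that
# names every Algo user under vpn_domain (see etc.hosts.ipsecclients.j2).
# All tasks run inside one block so that any failure lands in the rescue
# section, which prints fail_hint before aborting the play.
- block:
    - name: The DNS tag is defined
      set_fact:
        # Quoted so that no YAML 1.1 loader can re-type the flag as a boolean;
        # the value is the string "Y" either way.
        local_dns: "Y"

    - name: Dnsmasq installed
      package:
        name: dnsmasq

    - name: Ensure that the dnsmasq user exist
      user:
        name: dnsmasq
        groups: nogroup
        append: true
        state: present

    - name: The dnsmasq directory created
      file:
        path: /var/lib/dnsmasq
        state: directory
        # Quoted: an unquoted 0755 is read as an integer by YAML 1.1 loaders;
        # the string form is what the file module documents.
        mode: "0755"
        owner: dnsmasq
        group: nogroup

    # Distribution-specific steps live in the included files (not shown here);
    # this file only selects which one applies.
    - include: ubuntu.yml
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

    - include: freebsd.yml
      when: ansible_distribution == 'FreeBSD'

    - name: Dnsmasq configured
      template:
        src: dnsmasq.conf.j2
        # config_prefix (default "/") is prepended to the destination path;
        # presumably it lets the role target an alternate root — not visible here.
        dest: "{{ config_prefix|default('/') }}etc/dnsmasq.conf"
      notify:
        - restart dnsmasq

    - name: VPN hosts file configured
      template:
        src: etc.hosts.ipsecclients.j2
        dest: "{{ config_prefix|default('/') }}etc/hosts.ipsecclients"
      notify:
        - restart dnsmasq

    - name: Adblock script created
      template:
        src: adblock.sh.j2
        dest: /usr/local/sbin/adblock.sh
        owner: root
        group: "{{ root_group|default('root') }}"
        # Root-owned and not group/world-writable: the script is executed
        # from root's cron below, so nobody else may be able to edit it.
        mode: "0755"

    - name: Adblock script added to cron
      cron:
        name: Adblock hosts update
        # Quoted: the cron module takes these fields as strings.
        minute: "10"
        hour: "2"
        job: /usr/local/sbin/adblock.sh
        user: root

    # Run the script once now so the block list exists before dnsmasq starts.
    # A plain command task, so it always reports "changed".
    - name: Update adblock hosts
      command: /usr/local/sbin/adblock.sh

    # Apply any pending "restart dnsmasq" handler before enabling the service.
    - meta: flush_handlers

    - name: Dnsmasq enabled and started
      service:
        name: dnsmasq
        state: started
        enabled: true

  # Any failure above ends up here: show the hint, then fail the play.
  rescue:
    - debug:
        var: fail_hint
      tags: always

    - fail:
      tags: always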